[Samba] Samba4.2rc4 with winbindd in config cannot start samba process

Kelvin Yip kelvin at icshk.com
Tue Jan 20 23:00:56 MST 2015


Hi all,

 

I have been trying to migrate a domain from Samba3 to a Samba4 AD and am now
using Samba RC4. According to the release notes, I should use winbindd instead
of winbind. However, the samba4 daemon does not start when I use the winbindd
parameters, although it does start with the winbind parameters.

 

Could you please help? Thanks. Below is the current config file:

# Global section of the smb.conf for the AD domain controller LINUX01.
[global]

   # workgroup = NT-Domain-Name or Workgroup-Name

   workgroup = ICS

   realm = icshk.local

   netbios name = LINUX01

   server role = active directory domain controller

   # Explicit list of services started by the "samba" daemon. Setting it
   # replaces the built-in default list, so it needs re-checking against the
   # release notes on every upgrade. This copy names the internal "winbind".
   # NOTE(review): the value is broken across two lines without a trailing
   # backslash - presumably mail wrapping; confirm the real file has one line.
   server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbind, ntp_signd, kcc, dnsupdate

   # Use the RFC2307 uidNumber/gidNumber attributes stored in the directory
   # (where present) for ID mapping on the DC.
   idmap_ldb:use rfc2307 = yes

 

 

# server string is the equivalent of the NT Description field

   # %h expands to the host name of the machine Samba runs on. Unlike the
   # built-in default string, this does not advertise the Samba version to
   # anyone browsing the network.
   server string = %h

 

   # Network binding: which interfaces the daemons listen on.

   #domain admin group = root

   #hosts allow = 192.168.188. 127.

   #socket address = 192.168.188.1

   #interfaces = eth0 192.168.188.1

   #interfaces = eth0 192.168.188.0/24

   # Listen only on loopback and bond0. Loopback stays in the list so that
   # local tools connecting to 127.0.0.1 keep working once binding is restricted.
   interfaces = lo bond0

   #interfaces = lo bond0 em1 em2 em3 em4

   #interfaces = 192.168.188.0/24

   # Enforce the interface list above. "hosts allow" is commented out, so there
   # is no additional per-client address filter at the Samba level.
   bind interfaces only = yes

 

   # Printing through CUPS: every printer CUPS knows is exported automatically.
   # NOTE(review): print serving on a domain controller widens what the DC
   # exposes; confirm it is still needed after the migration.
   load printers = yes

   #printing = lprng

   #printcap name = /etc/printcap

   printcap name = cups

   printing = cups

   # Jobs are handed to CUPS unfiltered (raw).
   cups options = raw

   use client driver = Yes

 

   # Daemon logging.
   log file = /var/log/samba/samba.log

   # Size limit in KiB before the log file is rotated.
   max log size = 3000

   # "debug level" is a synonym for "log level", so these two lines set the
   # same parameter twice. NOTE(review): the later value (0) presumably wins,
   # which would leave almost nothing in the log to explain a failed start;
   # keep a single line with the level actually wanted.
   log level = 3

   debug level = 0

#   log level = 10

#   debug level = 10

   pid directory = /var/run/samba

   # Event log names reported to Windows Event Viewer clients.
   eventlog list = Application Security System

 

   # Performance tuning; only sendfile is active, the rest is commented out.
   use sendfile=yes

   #write cache size = 262144

   #large readwrite = yes

   #read raw = yes

   #write raw = yes

   # NOTE(review): the second line of the comment below has lost its "#"
   # (presumably mail wrapping); in the real file it must stay a comment.
   # In order to store outlook pst in share drive, seems kernel oplocks
cannot be turn on

   #kernel oplocks = yes

   #max xmit = 65535

   #dead time = 15

   #getwd cache = yes

 

   # Authentication and password handling.
   # Unix account that guest connections are mapped to. NOTE(review): verify
   # that winguest is unprivileged and has no login shell.
   guest account = winguest

   #security = user

   encrypt passwords = yes

   #smb passwd file = /etc/samba/smbpasswd

   #username map = /etc/samba/smbusers

   # With unix password sync enabled, the "passwd program" below is run as root
   # on every SMB password change. NOTE(review): these settings come from the
   # Samba3 file-server setup; confirm they still apply under the AD DC role.
   unix password sync = Yes

   #pam password change = No

   #obey pam restrictions = Yes

   #passwd program = /usr/bin/passwd %u

   # Site-local script, executed as root with %u replaced by the user name.
   # Keep it root-owned and not writable by anyone else, and make sure it
   # never logs the password it is fed.
   passwd program = /usr/local/sbin/change_passwd.sh %u

   # Expect/send dialogue with the passwd program; %n is the new password.
   # NOTE(review): the value continues on the next line without a trailing
   # backslash - presumably mail wrapping; confirm the real file has one line.
   passwd chat = *Enter*new*password* %n\n *Re-type*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*

;  passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*

;  passwd chat = *New*password* %n\n *ReType*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*

   # Modified for LDAP

   #passdb backend = tdbsam, smbpasswd

   #passdb backend = ldapsam:ldap://127.0.0.1/

   #ldap passwd sync = No

   #ldap suffix = dc=ics,dc=hk

   #ldap admin dn = cn=ldapadmin,dc=ics,dc=hk

   #ldap ssl =start tls

   #ldap ssl = off

   #ldap group suffix = ou=Groups

   #ldap user suffix = ou=Users

   #ldap machine suffix = ou=Computers

   #ldap idmap suffix = ou=Users

 

   #idmap config * : backend = tdb

   #idmap config * : range = 1000000-1999999

 

#Note that password level 20 means compare passwords, CASE INSENSITIVE, for
the first 20 characters. This eliminates problems with Windows converting
everything to caps.

   #password level = 20

   # External password-quality check. The candidate password is written to the
   # program's standard input and a non-zero exit status rejects it. The
   # program therefore sees cleartext passwords: keep it root-owned, not
   # writable by others, and make sure it does not log its input.
   check password script=/usr/local/sbin/crackcheck -l 2

 

# Most people will find that this option gives better performance.

# See speed.txt and the manual pages for details

   #socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

   #socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
IPTOS_LOWDELAY

   #socket options = TCP_NODELAY SO_RCVBUF=65535 SO_SNDBUF=65535
IPTOS_LOWDELAY

   #socket options = TCP_NODELAY SO_KEEPALIVE SO_RCVBUF=16384
SO_SNDBUF=16384 IPTOS_LOWDELAY

 

   # Take part in local master browser elections (NetBIOS browsing).
   local master = yes

 

# OS Level determines the precedence of this server in master browser

# elections. The default value should be reasonable

   # 64 is well above the built-in default, i.e. this host is meant to win
   # browser elections on its segment.
   os level = 64

 

   # NT4-style domain master browser and netlogon settings.
   # NOTE(review): these look carried over from the Samba3 domain; check with
   # testparm whether they are still accepted and wanted under
   # "server role = active directory domain controller".
   domain master = yes

   preferred master = yes

   domain logons = yes

 

   # Logon script name is derived from the user's primary group (%G).
   logon script = %G.bat

   # Account-management hooks. Samba runs these as root, replacing %u with the
   # user (or machine) name and %g with the group name.
   # NOTE(review): %u and %g are passed unquoted here, while the commented-out
   # smbldap variants in this file quote them; quoting is the safer form if a
   # name can ever contain spaces or shell metacharacters.
   # NOTE(review): confirm these hooks are still used under the AD DC role.
   add user script = /usr/sbin/useradd -g users -s /bin/false %u

   add group script = /usr/sbin/groupadd %g

   # usermod -G without -a replaces the user's whole supplementary group list
   # with %g instead of adding to it - NOTE(review): confirm that is intended.
   add user to group script = /usr/sbin/usermod -G %g %u

   # NOTE(review): the value continues on the next line without a trailing
   # backslash - presumably mail wrapping; confirm the real file has one line.
   add machine script = /usr/sbin/useradd -n -g machines -c Machines -d
/dev/null -s /bin/false %u

   delete user script = /usr/sbin/userdel %u

   # Site-local helper; keep it root-owned and not writable by others.
   delete user from group script = /usr/local/sbin/delUserfromGroup %u %g

   delete group script = /usr/sbin/groupdel %g

   set primary group script = /usr/sbin/usermod -g %g %u

 

   # Modified for LDAP

   #add user script = /usr/sbin/smbldap-useradd -m "%u" ldap delete dn = Yes

   #add group script = /usr/sbin/smbldap-groupadd -p "%g"

   #add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"

   #delete user script = /usr/sbin/smbldap-userdel "%u"

   #add machine script = /usr/sbin/smbldap-useradd -w "%u"

   #delete group script = /usr/sbin/smbldap-groupdel "%g"

   #delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"

   #set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

 

# Where to store roving profiles (only for Win95 and WinNT)

#        %L substitutes for this servers netbios name, %U is username

#        You must uncomment the [Profiles] share below

;   logon path = \\%L\Profiles\%U

 

   #name resolve order = wins lmhosts bcast

   # Lookup order: lmhosts file, WINS, host (system resolver), then broadcast.
   # NOTE(review): WINS and broadcast answers are unauthenticated; confirm that
   # nothing security-relevant depends on names resolved that way.
   name resolve order = lmhosts wins host bcast

 

# This host does not act as a WINS server (commented out) and does not
# answer or forward name queries on behalf of other hosts.
#   wins support = yes

   wins proxy = no

   dns proxy = no

 

   # DFS support. "msdfs root" is set here in [global], so presumably it is
   # meant as the default for every share - NOTE(review): confirm.
   msdfs root = yes

   host msdfs = yes

# Case Preservation can be handy - system default is _no_

# NOTE: These can be set on a per share basis

;  preserve case = no

;  short preserve case = no

# Default case is normally upper case for all DOS files

  default case = lower

# Be very careful with case sensitivity - it can break things!

;  case sensitive = no

 

#   hide files = /desktop.ini/ntuser.ini/NTUSER.*/

#   hide dot files = No

#   veto files = /lost+found/

#   hide unreadable = Yes

#  Traditional Chinese code page

#   client code page = 950

   # Character set used when talking to DOS-era clients.
   dos charset = BIG5

 

   #client lanman auth = Yes

   #client plaintext auth = Yes

   #lanman auth = Yes

 

   # Record each connection in the system utmp/wtmp files, which gives a
   # session trail next to the Samba logs.
   utmp = Yes

   #deadtime = 0

   # 0 means no keepalive packets are sent to clients.
   keepalive = 0

 

   # Home directory mapping for domain logons: %L is this server's NetBIOS
   # name, %U the session user name.
   logon drive = x:

   logon home = \\%L\%U

   # Unix home directory assigned to domain users.
   template homedir = /home/%U

 

   #root preexec = /usr/local/sbin/smb_global_preexec.sh %U %m

   #root postexec = /usr/local/sbin/smb_global_postexec.sh %U %m

 

   # Protocol and transport-security settings.
   #max protocol = SMB2

   #nt acl support = Yes

   #acl group control = Yes

   #client NTLMv2 auth=Yes

   time server=Yes

   #enable privileges = yes

   ea support = yes

   # Most restrictive value: anonymous (null-session) connections get no
   # access to account and share listings.
   restrict anonymous = 2

   #restrict anonymous = 1

   # Both "server signing" lines are commented out, so the built-in default
   # applies. NOTE(review): confirm with "testparm -v" that the effective
   # value on this DC is the one intended (mandatory is the safe choice).
   #server signing = mandatory

   #server signing = auto

   # Signing is used when the server offers it, but is not required.
   client signing = auto

   client schannel = Auto

   # Auto offers the netlogon secure channel but leaves its use to the client;
   # "yes" would make the DC refuse netlogon connections that are not
   # protected. NOTE(review): prefer "yes" unless a legacy client needs Auto.
   server schannel = Auto

   client use spnego = yes

 

   # TLS for the DC's own services. Relative paths are resolved against
   # Samba's private directory.
   tls enabled = Yes

   # Private key: keep it owned by root and readable by root only.
   tls keyfile = tls/samba_linux01.icshk.local.key

   tls certfile = tls/samba_linux01.icshk.local.pem

   # Set to an empty value, i.e. no CA certificate file is configured.
   # NOTE(review): confirm clients can still validate the server certificate,
   # otherwise they will be tempted to switch certificate checking off.
   tls cafile =

 

#============================ VFS Logging ==============================

 

# File-access auditing through the full_audit VFS module. No new section
# header precedes these lines, so they still belong to [global].
vfs objects = full_audit

# Prefix of every audit record: user | client IP | client machine name | share.
full_audit:prefix = %u|%I|%m|%S

#full_audit:failure = connect

#full_audit:success = connect disconnect opendir mkdir rmdir closedir open
close read pread write pwrite sendfile rename unlink chmod

#full_audit:success = rename unlink rmdir pwrite

# Only successful rename, unlink and rmdir operations are recorded.
full_audit:success = rename unlink rmdir

# Failed operations are not logged at all, so denied access attempts leave no
# trace in this audit stream. NOTE(review): consider logging at least failed
# connects, as in the commented-out "failure = connect" line above.
full_audit:failure = none

# Records go to syslog as local6.notice; syslog has to route that facility to
# a file (or remote collector) that ordinary users cannot modify.
full_audit:facility = local6

full_audit:priority = notice


